Anti-Virus: “Rumors of My Death Have Been Greatly Exaggerated”

By John Slocum | June 19th, 2014


There’s never a shortage of bold predictions in the world of tech. Sometimes, these predictions come true. Most of the time, however, they never materialize. And then of course, there are thousands of predictions that fall somewhere in between – predictions that seem like they could come true, but upon closer inspection, ultimately fail to pass the sniff test. Case in point: The supposed death of anti-virus software.

Over the last couple of months, we’ve seen this prediction (or proclamation, in some instances) come from several of the most well-known and well-respected figures in the world of software security. So, should you blindly take them at their word and abandon anti-virus altogether? Not so fast!

In this post, we wanted to briefly explain why this prediction is being made, why we disagree, and how MFT plays a part in our reasoning. Let’s get started…

This claim is being made for various reasons, the most altruistic of which is the truth that AV alone is no longer sufficient protection against malware and other attacks. Brian Krebs describes that perspective in his article, Antivirus is Dead: Long Live Antivirus!, discussing the evolving nature of malware and the tactics employed by cybercriminals to always stay a step ahead of the AV industry in the digital arms race. Each time “the good guys” develop smarter AV detection, “the bad guys” simply respond by using a “crypting” service that alternates between scanning their malware with all of the available AV tools on the market and running custom encryption iterations until their malware is no longer detectable by any available AV protection.

In Symantec’s ‘Death of Antivirus’ Is a Dangerous Marketing Ploy, Paul Wagenseil alleged a more cynical motive behind this proclamation, arguing that Symantec’s comments were an attempt to rebrand their image in the eyes of corporate IT departments, so as to be seen more as a rapid-reaction team that is keeping up with the evolving malware threats facing large American companies. These views, according to Wagenseil, potentially put both consumers and business professionals at risk. Consumers should not accept the notion that AV’s time has passed, that it has somehow become an obsolete element of protection against harmful malware.

If AV could talk, and if it were starring in a Monty Python movie, it’d likely say, “I’m not dead… I feel fine…” as it was brought out to the Dead Collector’s cart. The fact of the matter is that AV is an indispensable layer of protection in your complete security solution. It may just be one layer in a growing number of essential security layers, but any security expert will tell you that multiple layers of security represent the new reality we must adhere to when protecting confidential, proprietary, sensitive, or personal information. Though it still embodies an important layer of protection, the indisputable truth still stands that AV alone doesn’t represent the same level of protection that it did ten or fifteen years ago.

AV scanning is one layer of protection available with your MFT solution. Use it. AV remains an important component of your protection against malware. The product, and the concept, is far from a dead technology. There are many other layers working in concert, including FIPS-validated crypto, access control, integrity checking, transport encryption, and application-specific penetration testing and code-scanning, to name a few. Removing any one of these layers means you’re relying on the remaining layers to compensate, and for every malware file or “signature” that your AV scanner misses, there are many more that it will still catch. It’s certainly worth noting that AV won’t catch everything, but that’s a far cry from declaring it dead and taking a “do I feel lucky?” approach to security. By layering AV with MFT, you’ve created a much more formidable defense against malware.

John Slocum has an extensive background in product development, disruptive strategy identification and operational business model creation. Before working as a Director of Product Management at Ipswitch, John held product management positions at aPriori and Solidworks Corporation. Previously he worked as a mechanical engineer at Varian Semiconductor and Teradyne, designing semiconductor capital equipment. John earned his BS in Mechanical Engineering at Worcester Polytechnic Institute and his MBA at Boston University - School of Management.